Page 19

Industrial Ethernet Book 104

The rise in cyber-attacks on critical infrastructure has resulted in cybersecurity becoming a central concern.

cloud infrastructure can be located within the corporate network, or outside the network, operated by a partner. Many end users are implementing an internal cloud model. Data pulled from the IIoT would be gathered and stored on equipment residing in the corporate network. Housing data on internal equipment connected to a network controlled by the end user helps to safeguard potentially critical data.

Using an external partner creates a number of trust boundaries that can impact security and privacy. Information must be protected for both privacy and security. For example, stolen credentials could allow attackers to access critical data. Moreover, attacks on other cloud customers hosted by the partner may propagate.

Dealing with legacy equipment

The first key concept involves securing systems. Product lifecycle has a huge impact on security in industrial applications. Unlike IT environments, products can remain in active service in industrial control systems for as long as 30 years. It is unrealistic to assume that end users will update older components when implementing IIoT. Thus, IIoT systems will include legacy end devices that were developed prior to the advent of security standards alongside new end devices with native security features.

Let's begin by looking at the challenges posed by legacy devices. Most industrial installations contain equipment that is antiquated from IT and security perspectives.
Legacy equipment is at greater risk of attack than equipment with the latest versions of security features. There are two options available to mitigate this issue; the choice between the two will be driven by the application.

1. Limit communication to data collection only. This is the safest option but may not be viable for all applications.
2. Place restrictions on device access. Note that this will require monitoring the integrity of communications to ensure data is not changed as it travels between devices. This option is more practical, as limiting access to data collection is not feasible for many applications.

Devices that have been recently deployed will have security features. In this case you may be able to operate without building security around devices.

Purchasing considerations

If customers choose to update legacy equipment, selecting equipment with firmware and software signing is critical to ensure secure patching. You should also lean towards products developed using a secure development lifecycle (SDL).

Most organizations have a well-defined process to create, release, and maintain products. However, increasing concerns and business risks associated with insecure products have brought increased attention to the need to integrate security into the development process. You should ask potential vendors to supply proof that development centers have been certified to standards such as IEC 62443-4-1. Third-party certification of a development process can provide confidence that products were developed using secure practices, reducing potential implementation risk.

Conclusion

Connecting devices to each other and the cloud opens the door for an intelligent process, potentially leading to significant improvements in productivity and efficiency of key business operations. The tools to successfully implement the IIoT are in place today, but change will be evolutionary vs. revolutionary.
End users will weigh the value of new functionality against the risk of making changes to their control system, which will impede rapid change. Security will be a key factor impacting success. System design, product features, secure development processes, and implementation expertise will have to be taken into consideration when implementing new IIoT systems and applications.

Fabrice Jadot, Chief Technology Officer for industry business driving automation system architecture, cyber-security and automation digital transformation, Schneider Electric.

2.2018 industrial ethernet book
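
Option 2 under "Dealing with legacy equipment" calls for monitoring the integrity of communications so that data is not changed between devices. The following is an added example, not from the article or its author: a gateway in front of a legacy device tags each reading with an HMAC and a sequence number, and the collector flags altered or replayed frames. The key, device name, field names and frame layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); provision a real per-link secret out of band.
LINK_KEY = b"constructed-demo-key"
FIELDS = ("seq", "device", "reading")  # hypothetical frame layout


def _tag(body: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the frame body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def seal(seq: int, device: str, reading: dict, key: bytes = LINK_KEY) -> dict:
    """Gateway side: wrap a legacy device reading with a sequence number and tag."""
    body = {"seq": seq, "device": device, "reading": reading}
    return {**body, "tag": _tag(body, key)}


class Collector:
    """Collector side: verify the tag, then reject replayed or reordered frames."""

    def __init__(self, key: bytes = LINK_KEY):
        self.key = key
        self.last_seq = {}  # device -> highest sequence number accepted so far

    def check(self, frame: dict) -> str:
        try:
            body = {name: frame[name] for name in FIELDS}
            expected, got = _tag(body, self.key), str(frame["tag"])
        except (KeyError, TypeError, ValueError):
            return "malformed"
        if not hmac.compare_digest(expected.encode(), got.encode()):
            return "tampered"  # content changed in transit, or sealed with another key
        seq, device = body["seq"], str(body["device"])
        if not isinstance(seq, int) or seq <= self.last_seq.get(device, -1):
            return "replayed"  # authentic frame, but already seen or out of order
        self.last_seq[device] = seq
        return "ok"


def demo() -> list:
    """Run constructed sample frames through a collector and return the verdicts."""
    collector = Collector()
    good = seal(1, "plc-07", {"pressure_kpa": 412.5})
    altered = {**good, "reading": {"pressure_kpa": 95.0}}  # value changed in transit
    return [collector.check(f) for f in (good, altered, good, seal(2, "plc-07", {}))]
```

Counting "tampered" and "replayed" verdicts per device over time gives the monitoring signal; a rising count on one link is the cue to inspect that network segment.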

